LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-6833 (trac)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 9 Update: trac-0.10.5-1.fc9


Date:
    	      Wed, 30 Jul 2008 20:06:14 +0000


Message-ID:
    	      <20080730200616.EC10F1AD191@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-6833
2008-07-30 18:07:15
--------------------------------------------------------------------------------

Name        : trac
Product     : Fedora 9
Version     : 0.10.5
Release     : 1.fc9
URL         : http://trac.edgewall.com/
Summary     : Enhanced wiki and issue tracking system
Description :
Trac is an integrated system for managing software projects, an
enhanced wiki, a flexible web-based issue tracker, and an interface to
the Subversion revision control system.  At the core of Trac lies an
integrated wiki and issue/bug database. Using wiki markup, all objects
managed by Trac can directly link to other issues/bug reports, code
changesets, documentation and files.  Around the core lies other
modules, providing additional features and tools to make software
development more streamlined and effective.

--------------------------------------------------------------------------------
Update Information:

Update to 0.10.5 to fix two non-critical security issues:    CVE-2008-2951:
Open redirect vulnerability in the search script in Trac before 0.10.5 allows
remote attackers to redirect users to arbitrary web sites and conduct phishing
attacks via a URL in the q parameter.    CVE-2008-3328:  Cross-site scripting
(XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote
attackers to inject arbitrary web script or HTML via unknown vectors.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 22 2008 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.10.5-1
- Update to 0.10.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #456874 - trac: multiple security fixes in 0.10.5 (CVE-2008-2951, CVE-2008-3328)
        https://bugzilla.redhat.com/show_bug.cgi?id=456874
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update trac' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds